skip to Main Content
Ransomware Attack Reported By Lenoir-Rhyne Officials
Photo Courtesy of

Ransomware Attack Reported By Lenoir-Rhyne Officials

A ransomware attack has affected a local university. On Thursday, July 16, 2020, Lenoir-Rhyne University received notification from Blackbaud of a ransomware attack that occurred in May 2020. A cybercriminal removed data for the purpose of extorting funds from Blackbaud. This ransomware attack affected many of Blackbaud’s clients, including Lenoir-Rhyne.

After discovering the attack, Blackbaud’s Cyber Security team—together with independent forensics experts and law enforcement—successfully blocked the cybercriminal from encrypting files and making them inaccessible, and that they prevented the files from being disseminated. Blackbaud paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed.

Based on the nature of the incident, their research, and third party (including law enforcement) investigation, there is no reason to believe that any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly.

A news release from the university says that it is important to know that Lenoir-Rhyne does not store credit card, banking information, or Social Security numbers in the Blackbaud databases, so those were not involved in the incident. However, Blackbaud has ascertained that the compromised files may have included demographics, degree information, campus affiliations, memberships, and other data internal to Lenoir-Rhyne’s fundraising and engagement activities, such as event participation, and giving history.

The news release also says, as part of its ongoing efforts to help prevent something like this from happening in the future, Blackbaud has affirmed to Lenoir-Rhyne that it has already implemented changes to protect its system from any subsequent incidents. Blackbaud has identified the vulnerability associated with this incident, including the tactics used by the cybercriminal, and taken actions to fix it. They have also confirmed through testing by multiple third parties, including the appropriate platform vendors, that their fix withstands all known attack tactics. Additionally, they are accelerating their efforts to further harden their environment.